> I wish the order of presentation were different, because it starts with incorrect and misleading claims and then only later fixes its trajectory.
I wouldn't hold my breath, every inch of this article is evidently AI-generated - you can tell not only from the meandering narrative but also from the "Not because X, but Y", the short punchy sentences to reiterate the same point, the really strange cherry-picked examples for head-to-head comparisons, and the sincere concern over simplified generalisms.
> Yeah, ok. This is what they should lead with. It's an important message.
Is it? Your optimism in hoping to find some point to all this restores some of my faith in humanity, but I think it's misplaced here. The entire premise of the article is bizarre - why should it be surprising or bad that historical figures from 1000s of years ago, regardless of their historical importance, don't have proportionate representation in contemporary discourse?
This seems like a pretty surprising process failure for a mature company like Grubhub, for such a marketing campaign to be greenlit without any guardrails. Wouldn't this be the kind of mishap you might expect from a startup or a 2-year-old company?
Edit: I stand corrected. Per the Buzzfeed article, their spokesperson seems to be spinning this as an unexpected hit. So it wasn't a mistake, they were genuinely convinced it was a good idea?
It looks like it could be a binary intended to be snuck in with third-party package dependencies and such that you might unintentionally execute within your Lambda runtime. It's one thing doing mining at a slow trickle within the free tier of a single account, and another thing altogether when potentially millions of Lambda functions in the wild are mining for you.
But agreed, it's not necessarily functionally different from any other crypto-mining malware hidden in public repos, save for the focus on runtime. Presumably Lambda provides a standardized enough runtime for reliable execution.
A more poignant elegy to the modern landscape of compliance theater I have never seen:
> Security Standards. Okta's ISMP includes adherence to and regular testing of the key controls, systems and procedures of its ISMP to validate that they are properly implemented and effective in addressing the threats and risks identified. Such testing includes:
> a) Internal risk assessments;
> b) ISO 27001, 27002, 27017 and 27018 certifications;
> c) NIST guidance; and
> d) SOC2 Type II (or successor standard) audits annually performed by accredited third-party auditors ("Audit Report").
I don't think storing AWS keys within Slack would comply with any of these standards?
We’ve been monitoring this internally, as customers of an Okta-like service.
I’ve also been closely monitoring the responses from our CTO and VP of Security when someone from our DevOps team posted a link to the Verge article in Slack this morning.
Which brings me to this inquiry: How are your orgs responding to this? We have a dependency on an Okta-like provider and my first thought when reading this news was “you know, wonder if we should give our shit a sanity check”, and someone beat me to this, proposed it in Slack but the idea was turned down by our SecOps team.
I moved over to Azure AD this morning (we only have a few devs and were already using Azure DevOps so this was doable). I requested that Okta cancel our account and let them know the reason was the potential data breach and their CEO's response on Twitter. Okta's response was that we signed an MSA agreement and that cancelling isn't an option, nor termination of fees.
Auth0 is run as an isolated subsidiary in its own infrastructure, with the old CEO still overseeing operations.
Due to the massive difference in Okta & Auth0's implementations I don't see that changing anytime soon.
Sounds about right. Here there will be a staff security training symposium that runs everyone through a training course bought in from the lowest bidder that is tangentially related to the issue followed by a self-congratulatory management meeting and that will be the whole issue resolved to satisfaction.
And yet Okta is the ultimate in box-ticking technology. They are bought to tick the boxes. So what happens now that the box tickers are not ticking the boxes?
Usually a mass exodus to a similar service with the same guarantees resulting in months of capacity problems as they try and scale out from customer influx.
Likely some stressed out buyers paid for overpriced homes given the sharply rising prices across the market (although completely by their choice), and the sellers probably loved it - but that's already par for the course with the housing market at the moment. Zillow probably didn't help but isn't the sole contributor by any means.
> A more innocent, but also unproven, theory is that those who got sick suffered from a mass condition brought on by some stressful underlying situation.
One could argue that we are doing the followup even to this day (with the China CLEP programme, India’s Chandrayaan, USA’s ongoing Artemis campaign and others). The deed was done, the minimum bar was set and humanity has been as determined as ever to breach the peak it had achieved back in the sixties even as government funding waxes and wanes. Public interest has not changed in the least.